]> andersk Git - openssh.git/blobdiff - servconf.c
andersk / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- (dtucker) [auth-pam.c scard-opensc.c] Tinderbox says auth-pam.c uses
[openssh.git] / servconf.c
diff --git a/servconf.c b/servconf.c
index a6824a86363cd196ac153c3b4d06199ea6a5f0db..467ad64e8b7689804cb8ef75781c59a4219cb76d 100644 (file)
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.129 2003/12/09 21:53:36 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.132 2004/05/08 00:01:37 deraadt Exp $");
 
 #include "ssh.h"
 #include "log.h"
@@ -18,7 +18,6 @@ RCSID("$OpenBSD: servconf.c,v 1.129 2003/12/09 21:53:36 markus Exp $");
 #include "xmalloc.h"
 #include "compat.h"
 #include "pathnames.h"
-#include "tildexpand.h"
 #include "misc.h"
 #include "cipher.h"
 #include "kex.h"
@@ -72,6 +71,7 @@ initialize_server_options(ServerOptions *options)
        options->kerberos_authentication = -1;
        options->kerberos_or_local_passwd = -1;
        options->kerberos_ticket_cleanup = -1;
+       options->kerberos_get_afs_token = -1;
        options->gss_authentication=-1;
        options->gss_cleanup_creds = -1;
        options->password_authentication = -1;
@@ -100,6 +100,7 @@ initialize_server_options(ServerOptions *options)
        options->client_alive_count_max = -1;
        options->authorized_keys_file = NULL;
        options->authorized_keys_file2 = NULL;
+       options->num_accept_env = 0;
 
        /* Needs to be accessable in many places */
        use_privsep = -1;
@@ -181,6 +182,8 @@ fill_default_server_options(ServerOptions *options)
                options->kerberos_or_local_passwd = 1;
        if (options->kerberos_ticket_cleanup == -1)
                options->kerberos_ticket_cleanup = 1;
+       if (options->kerberos_get_afs_token == -1)
+               options->kerberos_get_afs_token = 0;
        if (options->gss_authentication == -1)
                options->gss_authentication = 0;
        if (options->gss_cleanup_creds == -1)
@@ -250,6 +253,7 @@ typedef enum {
        sPermitRootLogin, sLogFacility, sLogLevel,
        sRhostsRSAAuthentication, sRSAAuthentication,
        sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
+       sKerberosGetAFSToken,
        sKerberosTgtPassing, sChallengeResponseAuthentication,
        sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
        sPrintMotd, sPrintLastLog, sIgnoreRhosts,
@@ -262,7 +266,7 @@ typedef enum {
        sBanner, sUseDNS, sHostbasedAuthentication,
        sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
        sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
-       sGssAuthentication, sGssCleanupCreds,
+       sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
        sUsePrivilegeSeparation,
        sDeprecated, sUnsupported
 } ServerOpCodes;
@@ -301,10 +305,16 @@ static struct {
        { "kerberosauthentication", sKerberosAuthentication },
        { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
        { "kerberosticketcleanup", sKerberosTicketCleanup },
+#ifdef USE_AFS
+       { "kerberosgetafstoken", sKerberosGetAFSToken },
+#else
+       { "kerberosgetafstoken", sUnsupported },
+#endif
 #else
        { "kerberosauthentication", sUnsupported },
        { "kerberosorlocalpasswd", sUnsupported },
        { "kerberosticketcleanup", sUnsupported },
+       { "kerberosgetafstoken", sUnsupported },
 #endif
        { "kerberostgtpassing", sUnsupported },
        { "afstokenpassing", sUnsupported },
@@ -356,6 +366,7 @@ static struct {
        { "authorizedkeysfile", sAuthorizedKeysFile },
        { "authorizedkeysfile2", sAuthorizedKeysFile2 },
        { "useprivilegeseparation", sUsePrivilegeSeparation},
+       { "acceptenv", sAcceptEnv },
        { NULL, sBadOption }
 };
 
@@ -630,6 +641,10 @@ parse_flag:
                intptr = &options->kerberos_ticket_cleanup;
                goto parse_flag;
 
+       case sKerberosGetAFSToken:
+               intptr = &options->kerberos_get_afs_token;
+               goto parse_flag;
+
        case sGssAuthentication:
                intptr = &options->gss_authentication;
                goto parse_flag;
@@ -878,6 +893,19 @@ parse_flag:
                intptr = &options->client_alive_count_max;
                goto parse_int;
 
+       case sAcceptEnv:
+               while ((arg = strdelim(&cp)) && *arg != '\0') {
+                       if (strchr(arg, '=') != NULL)
+                               fatal("%s line %d: Invalid environment name.",
+                                   filename, linenum);
+                       if (options->num_accept_env >= MAX_ACCEPT_ENV)
+                               fatal("%s line %d: too many allow env.",
+                                   filename, linenum);
+                       options->accept_env[options->num_accept_env++] =
+                           xstrdup(arg);
+               }
+               break;
+
        case sDeprecated:
                logit("%s line %d: Deprecated option %s",
                    filename, linenum, arg);
git-cvsimport mirror of OpenSSH
This page took 0.0355 seconds and 4 git commands to generate.